<?php

// --------------------------------------------------------------------- //
// FLASH                                                                 //
// Process Login Info                                                    //
// V1.1 build 20030512                                                   //
// --------------------------------------------------------------------- //
// IN: username, password                                                //
// OUT: name, admin, expiry, module                                      //
//      login = "true" | "false", message                                //
// --------------------------------------------------------------------- //
// NOTES: - you may need to edit the $logFile variable to point to       //
//          a directory with read/write access for PHP                   //
//        - The account is checked for expiration and active status      //
//                                                                       //
// Changelog:                                                            //
//		  - changed the way stage/module is considered                   //
// --------------------------------------------------------------------- //

    // connection variables -----------------------------------------------
    $mysqlServer   = "66.226.14.61";
    $mysqlUser     = "timescape";
    $mysqlPassword = "ducati748";
    $mysqlDatabase = "timescape";
    $mysqlTable    = "german";

    $logFile       = "./logs/logins.txt";
    $logFileSize   = 50000;

	$launchURL     = "launch.swf";
    $flashLevel    = "_level1";
    $flashKey      = "services.swf";

    // unset session variables --------------------------------------------
    session_start();
    session_unset();


    // parse username/password from submitted form ------------------------
    $inputUser = "";
    $inputPass = "";
    if (isset($HTTP_GET_VARS['username']))
        $inputUser = $HTTP_GET_VARS['username'];
    if (isset($HTTP_GET_VARS['password']))
        $inputPass = $HTTP_GET_VARS['password'];

    // MySQL Queries ------------------------------------------------------
    $loginQuery      = "SELECT
                        CONCAT(firstname,' ',surname) AS name,
                        admin,
                        active,
                        expiry,
                        module
                        FROM $mysqlTable
                        WHERE username='$inputUser' AND password='$inputPass'";

    $deactivateQuery = "UPDATE $mysqlTable
                        SET active='N'
                        WHERE username='$inputUser' AND password='$inputPass'";

    // Messages -----------------------------------------------------------
    $errorConnect   = 'Unable to connect to database server.';
    $errorConnectdb = 'Unable to use the database.';
    $errorQuery     = 'Error while accessing the database. It may be corrupted.';

    $msgLoginFail   = 'Wrong username and password. Unable to login.';
    $msgLoginSuccess= 'Login successful';
    $msgDisabled    = 'Your account is disabled.';
    $msgExpired     = 'Your account has expired on';

    // Append the Log File ------------------------------------------------
    function appendLog($loginResult)
    {
        global $logFile, $logFileSize, $inputUser, $HTTP_SERVER_VARS;
        $userIP    = $HTTP_SERVER_VARS['REMOTE_ADDR'];
        $timeStamp = date("Y-m-d,H:i:s");
        $logEntry  = "$userIP,$inputUser,$timeStamp,$loginResult\r\n";

        if ((@file_exists($logFile)) && (@filesize($logFile)<$logFileSize))
            $fp = @fopen($logFile, "a");
        else
            $fp = @fopen($logFile, "w");
        if ($fp != false)
        {
            @flock($fp, LOCK_EX);
            @fwrite($fp, $logEntry);
            @fclose($fp);
        }
    }

    // connect to database ------------------------------------------------

    $dblink = @mysql_connect($mysqlServer, $mysqlUser, $mysqlPassword);
    if ($dblink == false)
    {
        echo "&login=false&message=$errorConnect&";
        exit;
    }
    if (@mysql_select_db($mysqlDatabase) == false)
    {
        echo "&login=false&message=$errorConnectdb&";
        exit;
    }

    // send login query ---------------------------------------------------
    $resultQuery = @mysql_query($loginQuery);
    if ($resultQuery == false)
    {
        echo "&login=false&message=$errorQuery&";
        exit;
    }

    $numberOfUsers = mysql_num_rows($resultQuery);

    // login successful, but... -------------------------------------------
    if ($numberOfUsers == 1)
    {
        $row = mysql_fetch_array($resultQuery);
        $name      = rawurlencode($row['name']);
        $admin     = ($row['admin'] == "Y")  ? "true" : "false";
        $active    = ($row['active'] == "Y") ? true : false;
        $expire    =  $row['expiry'];
        $module    =  $row['module'];

        $expireTime= strtotime($expire);
        // account has expired --------------------------------------------
        if ($expireTime-time() < 0)
        {
            appendLog("account expired");
            echo "&login=false&message=$msgExpired $expire&";
            // if it's still active, disable it too -----------------------
            if ($active)
                 $resultQuery = @mysql_query($deactivateQuery);
            exit;
        }
        // account is active, everything is fine --------------------------
        elseif ($active)
        {
            appendLog("login sucessful");
            echo "&login=true&message=$msgLoginSuccess&name=$name&admin=$admin&expire=$expire&module=$launchURL&level=$module&p2=$flashLevel&p1=$flashKey";

            // register session variables needed later --------------------
            //session_register('inputUser');
            //session_register('inputPass');
            $HTTP_SESSION_VARS['inputUser'] = $inputUser;
            $HTTP_SESSION_VARS['inputPass'] = $inputPass;

            exit;
        }
        // account is disabled --------------------------------------------
        else
        {
            appendLog("account disabled");
            echo "&login=false&message=$msgDisabled&";
            exit;
        }
    }
    // login failed -------------------------------------------------------
    elseif ($numberOfUsers == 0)
    {
        appendLog("login failed");
        echo "&login=false&message=$msgLoginFail&";
        exit;
    }
    else
        echo "&login=false&message=$errorQuery&";
?>